This is something that has come up before. I propose that the real problem here is that 'objectIds' should not be web-traversable.
I have, in fact, proposed this before. It caused a bit of grumbling among people using xml-rpc, who were using objectIds remotely, so we never came to closure on it.
Please No.
Zope security is complex enough without having to worry about different security settings depending on how a method is accessed. (And we should have a lower tolerance for complexity when it applies to security.)
As a compromise, all I've done is make 'objectIds' and 'objectValues' non Web traversable. It is simple enough for anyone who actually _wants_ to use them to write a DTML Method like:

    <dtml-return objectIds>

...and use that instead of calling 'objectIds' directly over HTTP. This should make those concerned about the exposure of names happier without placing much of a burden on those who want them exposed, and does not complicate the security model.

FWIW, I agree that adding access method into the security mix would add a great deal of complexity. It may turn out to be necessary in the future, but I'm not yet convinced of that.

Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com